Ubuntu has issued an advisory today (May 5):
https://ubuntu.com/security/notices/USN-5403-1

The CVE is disputed and the issue only affects the sqlite3 command, not the library. We probably don't need to push a fix for this right away (could possibly wait for more CVEs).
Fixed in mga8: src.rpm: - sqlite3-3.34.1-1.2.mga8
CC: (none) => mageia
Assignee: bugsquad => qa-bugs
sqlite3-tools-3.34.1-1.2.mga8
libsqlite3_0-3.34.1-1.2.mga8
libsqlite3-devel-3.34.1-1.2.mga8
lemon-3.34.1-1.2.mga8
sqlite3-tcl-3.34.1-1.2.mga8
libsqlite3-static-devel-3.34.1-1.2.mga8

from sqlite3-3.34.1-1.2.mga8.src.rpm
MGA8-64 Plasma on Lenovo B50. No installation issues. Installed sqlitestudio alongside and used that to create a new database and create a new table in it with a PK, not null string, other string without rules and a timestamp column. Populated a few rows, all worked OK.
Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene
Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Advisory committed to svn as ...

type: security
subject: Updated sqlite3 packages fix security vulnerability
CVE:
 - CVE-2021-36690
src:
  8:
   core:
     - sqlite3-3.34.1-1.2.mga8
description: |
  ** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line
  component of SQLite 3.36.0 via the idxGetTableInfo function when there is a
  crafted SQL query. NOTE: the vendor disputes the relevance of this report
  because a sqlite3.exe user already has full privileges (e.g., is
  intentionally allowed to execute commands). This report does NOT imply any
  problem in the SQLite library.
  As the cve assignment is disputed, this update may be changed in future from
  a security update to a bugfix update.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=30384
 - https://ubuntu.com/security/notices/USN-5403-1
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0175.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED